AWS EFS and FSx

Question 1

I have a Windows EC2 instance, I need to connect to an EFS share, is this possible?

Answer 1

No EFS uses only the NFS protocol, no support for SMB for windows, but a separate service called FSx supports SMB for windows.

Question 2

What are EFS and FSx?

Answer 2

Elastic File System and FSx is an SMB shared file system

Question 3

What protocols are available in EFS?

Answer 3

NFS, SMB is not supported but a separate service called SFx supports SMB for windows.

Question 4

With EFS do you provision storage upfront like EBS?

Answer 4

No, you only pay for what you use, much like S3.

Question 5

I have to store some files, what is the cost difference between EBS, EFS or S3?

Answer 5

EFS is 3 times more expensive than EBS and 20 times more expensive than s3

Question 6

I currently have a single server as an NFS file store, this is in a single AZ, what options do I have to make it highly available?

Answer 6

You can use EFS, as EFS data is across multiple AZ’s and scales and you pay for storage.

Question 7

I want to ensure my application can connect to EFS to access data if an AZ was to fail, what options do I have?

Answer 7

Create mount-points in multiple AZ’s

Question 8

Should i use over the internet to connect to EFS?

Answer 8

No

Question 9

What is EFS file sync agent?

Answer 9

It is an agent thet wil sit on a VM/Physical or Instance and sync your data with EFS.

Question 10

Can I snapshot EFS?

Answer 10

No

Question 11

Is EFS data stored across AZ?

Answer 11

Yes

Question 12

Can I store GB or even PB in EFS?

Answer 12

Yes EFS is good for PB

Question 13

When should I use EFS over Object?

Answer 13

strong consistency

file locking

Question 14

How do I take a backup of EFS?

Answer 14

Using AWS Backup

Question 15

When creating a VPC, where do you place the endpoint?

Answer 15

In a VPC in one or more subnets across multipal AZ’s

Question 16

I have a separate account and I want to share my EFS, how can this be possible?

Answer 16

You will create a VPC in the external account and peer to the vPC with the EFS endpoint.

Question 17

I have an EFS with an endpoint in my VPC, how can I connect from on-premise?

Answer 17

You create a VPN or direct connection and access the endpoint vis the VPC.

Question 18

In what VPC subnet in the VPC will the EFS endpoint be created?

Answer 18

You select the subnet in a AZ

Question 19

I want to ensure high availability of the application using EFS, how should I arrange the endpoints?

Answer 19

Multiple EP across AZ’s in respective subnets.

Question 20

I need to ensure thta EFS has available r/w preformance at all times what is nmy bets option?

Answer 20

Chose to use provisioned through put over burst

Question 21

Is data encrypted at reast by default?

Answer 21

No, you have to enable it.

Question 22

What storage classes are available with EFS?

Answer 22

S3 standard

Infrequent access

Question 23

I wnat to ensure data in EFS is at the lowest cost posisble, this data is not accessed tow often, what is my best option?

Answer 23

Enable life cycle managment, data will be moved to IA S3 storage.

Question 24

How dose EFS scale?

Answer 24

EFS is a service not a server, unconstranted number of storage servcers, unlike triditional approch.

Question 25

How much through put can you get form EFS?

Answer 25

It scvales as the file system grows, 50MB per TB

Question 26

What is bursting and provisioned through put?

Answer 26

If you wnat to select the through put indepnadnt of the storage size as you get 50mbs per TC.

Question 27

How can I control who has permisison to access folders/directories oin the EFS files system?

Answer 27

Whet the EFS file system is created, the only user thet has access is the root user, he/she can then set th epermissions of any folder/dire in the file system.

Question 28

How do I secure access to EFS?

Answer 28

You secure IAM?

Question 29

How do you pay for EFS?

Answer 29

You pay for storage, cost is way higher then S3, about 10 times, you for each GB stored. You also pay for provisioned through put. If you are using S3-IA then you pay less then if stored in S3.

Question 30

When lifecycle managmen t is enabled in EFS, when i sdat automaticaly moved?

Answer 30

after 30 days it is moved to S3-IA.

Question 31

When I use EFS life cycle managemnt to move data to S3-IA, iks there anything i need to be concerned about/

Answer 31

First byte data read from S3-IA will have higher latency.

Question 32

How do I copy data from on-prem to EFS?

Answer 32

Datasync

Copy over direct conect or VPN

Question 33

Can I copy EFS data between regions?

Answer 33

No.

Question 34

How cna I access EFS form on-prem?

Answer 34

Over VPN or DirectConenct.

Question 35

I wnat ot shift large number of small files to EFS, what is my bets option to do it with out using any other tooling or services, only native protocal?

Answer 35

Parrell the copy of files.

Question 36

I wnat to copy large amount of dat to EFS, what are my options?

Answer 36

Use DataSync as it is 5x faster then copying using linux tooling.

Question 37

Where does EFS live, in or outside a VPC?

Answer 37

Inside a VPC, you select a VPC during creation, the targets are created inside the VPC subnets in each AZ.

Question 38

Where are targets created for EFS?

Answer 38

They have created inside a VPC subnets in each AZ, you select the AZ and subnets you wnat.

Question 39

I have an application that used shared storage (NFS), there is only one instance of my application running in a single VPC AZ and subnet, in the event of a failure the application automatically fails over to another AZ and subnet, what do I need to do for my shared storage?

Answer 39

You need to configure two targets during creation, one target in each of the availability zones and subnets so when the application fails over it is able to use the target in the other AZ.

Question 40

I wnat to secure my EFS in my VPC, what is the best option available?

Answer 40

I can use security groups associated with the EFS targets in the VPC subnets/ AZs. This allows me to have a separate security group for my target or you can even share an existing security group.

Question 41

My organization requires that all data in transit and at rest is encrypted, how can I meet this requirement from EFS?

Answer 41

EFS enables you to select if the EFS volume is encrypted you can select a KMS master key.

Question 42

Is EFS metadata (files names, etc) encrypted at rest?

Answer 42

Yes, the metadata is seperate from the file data and by default, EFS encrypts automatically all metadata.

Question 43

Is EFS file data encrypted by default?

Answer 43

No, you have to select it in the config and select a KMS key to use, you can create a KMS key or use the default managed key form =AWS for EFS service.

Question 44

My organization requires that all data in transit and at rest is encrypted, how can I enable in transit encryption on EFS?

Answer 44

You can not do it in the EFS service but it is enabled when the client connect on the client side.

Question 45

I have an EFS deployed with its own security group and no ports allowed, I also have an instance in the same VPC/AZ and subnet and this instance has its own security group with no ports open. I wnat to connect from my instances to the EFS, what do I need to do?

Answer 45

Both security groups will block traffic between the instance and the EFS mount target in the subnet. You have to open ports in both security groups.

Question 46

Where do I control the permission on the EFS volume file system?

Answer 46

From the Linux OS, the root user gets full access, you cna use the Linux command line to set permissions.

Question 47

Where are permissions controlled for EFS?

Answer 47

• From access to the EFS service, they are controlled form AWS IAM.
• From an EFS file system perspective, they are controlled from the Linux OS and initially by the root user.

Question 48

I wnat to backup my EFS files systems, what options do I have?

Answer 48

You cna use AWS Backup.

Question 49

Is dat synchronous replicated across availability zones/

Answer 49

Yes

Question 50

What is EFS food for?

Answer 50

• Big Data
• Analytics
• Web hosting (Wordpress)

Question 51

I require static web content on a global scale, should I use EFS?

Answer 51

No, as S3 is a better option as it is lower cost, scales and also can be an origin for CloudFront.

Question 52

What is FSx used for?

Answer 52

It is for creating thirdpasty file systems like SMB and Luster

Question 53

I need to provision shared file storage for my windows instances, what are my best options?

Answer 53

You can use FSx to create an SMB shared file system and connect you windows file shared to it.

Question 54

I need to provision a LUSTER files system what AWS service should I use?

Answer 54

You can use the FXs as it supports both SMB (Windows) and LUSTER(HPC)

Question 55

What would I use FSx-LUSTER for?

Answer 55

• Media
• ML
• Predictive analytics

Question 56

For FXs, do I pay for what I use or is it pay up front?

Answer 56

You have to select the storage capacity size upfront, pay as you use is not an option.

Question 57

I am using FSx and I need I availability for my application, how can I use FXx -SMB to solve my availability issues?

Answer 57

You cant, FSx is only available in a single availability zone.

Question 58

How cna I secure my AWS-SMB targets for other network instances in any subnets?

Answer 58

When creating the FSx-SMB you select a security group to act as a firewall.

Question 59

I am using FSx-SMB how cna I encrypt my file system, do I need third party software?

Answer 59

No, by default your files system is encrypted using an AWS managed key (KMS)

Question 60

I am using FSx-SMB, can I manage my own FSx encryption keys?

Answer 60

Yes, you cna use your own KMS managed keys (customer keys).

Question 61

I need to create an AWS FSx-SMB, are their other services I need to have in place before creating the FSx share?

Answer 61

Yes, you need a working active directory in the VPC, FSx will use this AD for access control.